[Openswan Users] Can Ping but nothing else
P
ipsec at dogclan.com
Fri Sep 3 09:22:09 CEST 2004
Hi all, I'm looking for a little direction here.
I'm running 2 Fedora Core 2 Gateways with Openswan 2.1.5-1 on each. I've
built 4 tunnels:
Network-Network
Left Subnet-Right Gateway
Left Gateway-Right Subnet
Gateway to Gateway
My setup looks something liket this:
Gateway 1
Gateway 2
10.0.0.0 subnet------10.0.0.1--64.x.x.x
---151.x.x.x--10.0.1.1----10.0.1.0 subnet
eth1 eth0
eth0 eth1
using the following /etc/ipsec.conf:
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=all
# plutodebug=dns
interfaces="%defaultroute"
klipsdebug=none
plutodebug=none
uniqueids=yes
conn %default
keyingtries=1
conn leftnet-rightnet
left=64.x.x.x
leftsubnet=10.0.0.0/24
leftid=64.x.x.x
leftrsasigkey=(LEFTKEY)
right=151.x.x.x
rightsubnet=10.0.1.0/24
rightid=151.x.x.x
rightrsasigkey=(RIGHTKEY)
rightnexthop=151.x.x.1
auto=start
conn leftgate-rightgate
left=64.x.x.x
leftnexthop=64.x.x.1
leftrsasigkey=(LEFTKEY)
right=151.x.x.x
rightnexthop=151.x.x.1
rightrsasigkey=(RIGHTKEY)
conn leftgate-rightnet
leftid=64.x.x.x
left=64.x.x.x
leftrsasigkey=(LEFTKEY)
leftnexthop=64.x.x.1
rightid=151.x.x.x
right=151.x.x.x
rightsubnet=10.0.1.0/24
rightrsasigkey=(RIGHTKEY)
rightnexthop=151.x.x.1
auto=start
conn leftnet-rightgate
leftid=64.x.x.x
left=64.x.x.x
leftsubnet=10.0.0.0/24
leftrsasigkey=(LEFTKEY)
leftnexthop=64.x.x.1
rightid=151.x.x.x
right=151.x.x.x
rightrsasigkey=(RIGHTKEY)
auto=start
The tunnels come up and I can ping across the vpn with no problem. I
can ping from a client machine to another client, ect. But that's it.
I can do anthing else. Cant access shares, can't connect via remote
desktop, can't connect to another remote admin program I've installed
for testing, can't connect to a mail server that's on the other side of
the vpn. It seems the only thing I can do is ping. I'm not getting any
firewall hits if I watch /var/log/messages while trying to use any of
the previously mentions apps so I'm sure it's not firewall stopping it.
I've tried running the app from subnet 1 and run tcpdump on eth1 on
gateway 2 and I see the packets going across that interface. At this
point I'm pretty stumped.
I will be happy to post any other info if it's needed. Just looking to
be pointed in the right direction.....
~P~
More information about the Users
mailing list